Thursday, November 29, 2012

DHCP Relay on CheckPoint R75.20

When a client has to request an IP address from a DHCP server that sits behind a different firewall interface, DHCP relay needs to be configured. In the following example, the DHCP server is in the internal network and the corresponding firewall interface is eth0. The DHCP client is in a DMZ and the matching firewall interface is eth1.
Step 1: Enable DHCP Relay:
  1. SSH to FW and run "sysconfig"
  2. Select option 8: "DHCP Relay Configuration"
  3. Define DHCP server IP address in "DHCP servers list"
  4. Select both eth0 and eth1 interface in "Relay via interfaces"
  5. Enable DHCP relay
Step 2: Configure Firewall Rules
  1. Open SmartDashboard and create the following node and network objects:
    1. Server_DHCP - a node with DHCP server's IP address in the internal network
    2. DHCP_255.255.255.255 - this is a node with 255.255.255.255 address
    3. Network_X.X.X.X - this is the network of the DHCP scope
  2. Create the following three rules:
    1. (source) Server_DHCP, (destination) Firewall object, (services) dhcp-relay && dhcp-rep-localmodule && dhcp-req-localmodule, Accept, Log
    2. (source) Network_X.X.X.X, (destination) Server_DHCP, (services) dhcp-relay && dhcp-rep-localmodule && dhcp-req-localmodule, Accept, Log
    3. (source) Any, (destination) DHCP_255.255.255.255, (services) dhcp-relay && dhcp-rep-localmodule && dhcp-req-localmodule, Accept, Log
dhcp-relay and dhcp-req-localmodule are UDP port 67, and dhcp-rep-localmodule is UDP port 68. They should already exist as predefined services.
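To sanity-check the rule base from Step 2 before pushing the policy, the model below (an added example written for this post, not CheckPoint code) encodes the three rules with their predefined services and runs the DHCP flows through a first-match evaluator. All addresses (firewall interfaces, DHCP server, DHCP scope, client) are constructed placeholders, and the flows are the standard relay exchanges: the client's broadcast DISCOVER to UDP 67, the server's reply to the relay (firewall) on UDP 67, and a client's unicast renewal straight to the server. Anything not matched by the three rules falls to the cleanup drop, which is what you want to see for non-DHCP traffic to the broadcast address.

```python
"""Model of the three DHCP relay rules from the post and the flows they must accept.

Constructed example: addresses and flows are assumptions, not values from the post.
"""
import ipaddress
from dataclasses import dataclass

# Firewall interface addresses (assumed): eth0 faces the internal network, eth1 the DMZ.
FW_IFACES = {
    "eth0": ipaddress.ip_address("10.0.0.1"),
    "eth1": ipaddress.ip_address("172.16.0.1"),
}
# Objects from Step 2 (addresses assumed).
SERVER_DHCP = ipaddress.ip_network("10.0.0.10/32")         # DHCP server, internal network
DHCP_BCAST = ipaddress.ip_network("255.255.255.255/32")    # DHCP_255.255.255.255 node
NETWORK_X = ipaddress.ip_network("172.16.0.0/24")          # Network_X.X.X.X, the DHCP scope
ANY = ipaddress.ip_network("0.0.0.0/0")
FIREWALL = [ipaddress.ip_network(f"{a}/32") for a in FW_IFACES.values()]

# Predefined services named in the post: UDP 67 for the relay/request services, UDP 68 for replies.
SERVICES = {
    "dhcp-relay": ("udp", 67),
    "dhcp-req-localmodule": ("udp", 67),
    "dhcp-rep-localmodule": ("udp", 68),
}
DHCP_SERVICES = frozenset(SERVICES)


@dataclass(frozen=True)
class Rule:
    name: str
    src: tuple
    dst: tuple
    services: frozenset
    action: str = "Accept"


# The three rules from Step 2, in order.
RULEBASE = (
    Rule("1 server -> firewall", (SERVER_DHCP,), tuple(FIREWALL), DHCP_SERVICES),
    Rule("2 scope -> server", (NETWORK_X,), (SERVER_DHCP,), DHCP_SERVICES),
    Rule("3 any -> broadcast", (ANY,), (DHCP_BCAST,), DHCP_SERVICES),
)


def _in_any(addr, nets):
    ip = ipaddress.ip_address(addr)
    return any(ip in n for n in nets)


def _service_match(proto, dport, names):
    return any(SERVICES[n] == (proto, dport) for n in names)


def evaluate(src, dst, proto, dport, rulebase=RULEBASE):
    """First-match evaluation. Returns (action, rule name); unmatched traffic hits the cleanup drop."""
    for rule in rulebase:
        if (_in_any(src, rule.src) and _in_any(dst, rule.dst)
                and _service_match(proto, dport, rule.services)):
            return rule.action, rule.name
    return "Drop", "cleanup"


def check_relay_flows():
    """Run the expected DHCP relay exchanges plus one non-DHCP packet through the rule base."""
    flows = {
        # Client DISCOVER: no address yet, broadcast to UDP 67 on the DMZ.
        "client_discover": ("0.0.0.0", "255.255.255.255", "udp", 67),
        # Server OFFER back to the relay agent (giaddr = firewall DMZ interface), UDP 67.
        "server_offer_to_relay": ("10.0.0.10", str(FW_IFACES["eth1"]), "udp", 67),
        # Client in RENEWING state talks to the server directly by unicast.
        "client_renew_unicast": ("172.16.0.50", "10.0.0.10", "udp", 67),
        # Non-DHCP broadcast traffic must not ride on rule 3.
        "stray_tcp_to_broadcast": ("172.16.0.50", "255.255.255.255", "tcp", 80),
    }
    return {name: evaluate(*flow) for name, flow in flows.items()}


if __name__ == "__main__":
    for name, (action, rule) in check_relay_flows().items():
        print(f"{name:24} -> {action:6} ({rule})")
```

The evaluator is deliberately first-match with an implicit cleanup drop, mirroring a CheckPoint rule base with no explicit Any/Any/Accept; if you add rules above these three, re-run the checks to confirm the DHCP flows still land on the intended rule rather than an earlier, broader one.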